Mostly Security

  • Author: Various
  • Narrator: Various
  • Publisher: Podcast
  • Duration: 226:57:20

Synopsis

Jon and Eric have worked in the security space as developers, architects and leaders for more years than they care to count. At some point Jon said, "we should do a podcast", and here we are. From commentary on current events to random musings, they chat (mostly) about security and technology topics. However, life is more than just the day job. From beekeeping adventures to hiking mountains to shows on Netflix, there's always something fun to wrap up the show.

Episodes

  • 092: Can't Baffle them with ... Baloney

    14/09/2019 Duration: 46min

    Chapters: 0:00 - Intro + Car Troubles 4:48 - St. Helens Hike 10:16 - BMC Exposed on Supermicro Servers 11:36 - MLIR Donated to LLVM Foundation 12:42 - Chandrayaan-2 Crashes 13:30 - "Amature" 25m Telescope 16:06 - Vulnerable Internet Radios 19:05 - Apple's Vulnerabilities 22:39 - Schneier's Doghouse 27:07 - MEASURE of DevSecOps 37:02 - How Big is a Proton? 39:56 - Windows 10 PowerToys 42:13 - how to  

  • 091: Dining Philosophers Problem

    07/09/2019 Duration: 41min

    Kids are back in school! Chainsaw carving. iOS exploit explanations. Realtime audio deepfakes. Ransomware isn't going anywhere. Google Play apps on HackerOne. Developing Modern Applications. A crossword game with regex. Tensorflow compilers. 0:00 - Back to School 1:30 - The Dining Philosophers Problem 4:00 - State Fair + Carver Kings 6:20 - Project Zero + iOS Exploits 7:30 - Realtime Audio Deepfakes 11:00 - Ransomware and Cities 15:19 - Google Play on HackerOne 21:44 - Developing Modern Applications 31:54 - Regex Crossword Game 34:52 - Tensorflow Compilers  

  • 090: IBM: Hold My Chip

    31/08/2019 Duration: 47min

    Chapters: 0:00 - Intro - Sourdough Starter 3:26 - Kite Festival 8:56 - (Last Year Kite Festival) 10:33 - exFAT Open Sourced 11:36 - IBM: Hold my Chip 15:37 - Microsoft + MFA 21:40 - Fortigate VPN RCE 32:28 - Fortigate Blackhat Slides 37:18 - Atomic PI Case 40:46 - Won't Be Big and Professional  

  • 089: Maslow's Hierarchy of Needs

    23/08/2019 Duration: 32min

    Eric does some camping, Jon does some hiking, and then there is another breach and Jon gets into some psychological motivational theory. Finally Eric is still stuck in space and Jon shares a biological discovery. 0:00 - Intro 1:35 - Cape Lookout Trail 3:00 - Tillamook 4:04 - YubiKey 5Ci 6:38 - EV Cert Lifespan 10:12 - MoviePass Breach 17:49 - Alex Stamos @ USENIX 2019 26:30 - Cool Milky Way Timelapse 28:57 - HIV discovered in 1966  

  • 088: Nimbility

    17/08/2019 Duration: 31min

    Chapters: 0:00 - Intro - Texas is Hot 3:19 - Death to EV Certs 6:09 - AWS IAM Complexity 8:44 - Wormable RCEs 12:28 - Screwed Drivers 24:54 - Atlas 5 Sunrise 26:48 - Perseid Meteors 29:43 - Star Walk 2  

  • 087: You must have horns

    09/08/2019 Duration: 37min

    Extra bits of fun wrap a bunch of ZDNET articles. 0:00 - Intro 7:19 - IP over Avian Carriers 9:30 - Disappearing Sunday Comic 10:50 - Chrome Extension Notes 12:32 - Cast/Snip is Shelved 13:30 - SHIELD Act 15:37 - AT&T Employee Bribes 18:48 - Chilean Voter Data Leak 22:44 - WiFi Dragonblood 27:08 - Raspberry Pi High Speed Camera 29:15 - Kingdom Hearts 31:48 - MacBook Touchscreen 34:10 - 4500 Year Old Yeast  

  • 086: Cacophony of Catastrophes

    03/08/2019 Duration: 49min

    Chapters: 0:00 - Intro 2:20 - Galaxy's Edge 8:46 - NPM "Issues" 15:31 - ERROR 418: I'm a teapot. 16:52 - Hardened Runtime Entitlements 22:14 - Don't Jump, Scott 25:59 - EV Certs are Dead 29:20 - EC2 Danger 32:15 - Six iOS Bugs 38:02 - Redfish Lake 42:47 - Potential Alzheimer's Vaccine  

  • 085: Trotters. Trot. Feet. I just made the connection.

    26/07/2019 Duration: 46min

    Ramen and Baked Baking Soda. Fencing Lowlights. Pi-hole experiments. HIBP Authentication, Plaintext Passwords and Encryption Backdoors. Nacho Analytics and Docker Escapes. More Space Goodness and Civ VI. 0:00 - Intro 0:42 - Ramen 3:38 - Fencing Lowlights 7:28 - Pi-Hole 11:54 - HIBP Authentication 16:15 - Plaintext Passwords 19:45 - Everybody wants backdoors 21:13 - Backdoors won't work 22:39 - Nacho Analytics 30:32 - Docker Escapes 41:08 - Chandrayaan 2 43:30 - Civ VI Expansion  

  • 084: No, I Do Not Have a Forklift

    19/07/2019 Duration: 45min

    Chapters: 0:00 - Intro 9:00 - OMR Tokens 13:05 - iOS URL Scheme Hijacking 23:09 - FIDO2 Support in Active Directory 28:36 - Building WSL 31:42 - Prime Day Whoops 37:47 - National Hot Dog Day 40:40 - Pickle Day 42:41 - Apollo 11 Anniversary  

  • 083: It was probably Darwin worthy...

    12/07/2019 Duration: 48min

    A super long Pixar Short, Trailer Towing, Tablesaws and Chainsaws, Earthquakes seen from a Raspberry Pi, Conferencing Software Gone Wild, Famous APTs, Medical Ooofs, The Patented Unhackable, and the Unraveling of the JPEG. Yep. That's the show. Guess which section the title comes from... 0:00 - Intro 11:55 - LA Earthquakes 14:04 - Zoom Ooops 19:30 - Silent Apple Fix 20:55 - Most Famous APTs 25:22 - Anesthesia Ooops 33:04 - Patented, Unhackable Computer 39:11 - JPEG Unraveled  

  • 082: This Kind of Creeps Me Out

    07/07/2019 Duration: 48min

    Chapters: 0:00 - Intro - Password Woes 5:00 - Bellroy Wallet 5:33 - Costanzaist 10:42 - The Stand 12:32 - Yubico FIPS Vulnerability 14:16 - D-Link Security Settlement 17:20 - Forced App Install 20:33 - OSX/CrescentCore 27:10 - FaceTime Attention Correction 33:23 - Bad News Trainer 36:51 - Fluorescing Plants 39:40 - Spiderman Far From Home  

  • 081: Ok, that was TMI

    29/06/2019 Duration: 39min

    I'm not sure why we put stuff in the summary that is just a repeat of the chapters... So let's try something new this week! Read the chapters! It will be fun! 0:00 - Tired Intro 4:16 - Godzilla: King of the Monsters 5:44 - MIB: International 6:54 - Android Supply Chain Followup 8:08 - Cloudflare throws shade 13:46 - Route Wazing 17:48 - Vogons 19:09 - Docker

  • 080: Four Authenticator Apps

    21/06/2019 Duration: 40min

    A tale of two father's days. Google's cool with Sign in with Apple, and 1Password now supports Yubikey. A clever sports app violates privacy for license enforcement, and cameras are the most compromised IoT devices. Four, count them four fun things: Sagrada Familia's building permit, the national park type face, a passive listening device from the 40's, and apostrophe morse code. 0:00 - Intro + Key Lime Pie 4:15 - Google's comment on Apple's SSO 8:21 - 1Password + YubiKey 18:58 - La Liga Audio Snafu 23:56 - Most Compromised IoT Devices 30:02 - Sagrada Familia Building Permit 31:45 - National Park Type Face 33:11 - Surveillance Kit 37:00 - Red Handed Lyrics  

  • 079: Hackin' and Slashin'

    14/06/2019 Duration: 40min

    School is out. Apple updates the Enterprise App Agreement and will send unknown calls to voicemail. Package dependencies continue to be a problem. HIBP is looking for a home. Vim has a bug. Android supply chain issues. Rambleed. Eric relates a story about his ISP and Jon relates a remote VS Code story. (All in way less than an hour.) 0:00 - Intro 7:24 - Apple Enterprise Changes 10:18 - Spam -> Voicemail 13:48 - Package Dependencies 17:15 - Project Svalbard 19:45 - Vim Bug 21:48 - Android Supply Chain 25:12 - Rambleed 31:20 - Eric's ISP Adventures 37:23 - Remote VS Code on RPi

  • 078: Grilling and Chilling

    08/06/2019 Duration: 46min

    Eric's back from Chicago and Jon's destroying things with mowers. WWDC is going on, with some interesting security announcements already. Elastic buys Endgame, Quest Diagnostics is breached, and real life bank heists aren't like Hollywood movies. Eric had a good trip to NIST and Jon agrees with his buddies Gates and Buffet that Dairy Queen is Tasty. 0:00 - Intro -- Will it Flail? 8:56 - Sign In with Apple 12:35 - App Store Guidelines 17:01 - WWDC Keynote 22:50 - Elastic Buys Endgame 26:20 - Quest Diagnostics Breach 30:23 - Months not Seconds 32:32 - Bitdefender Report 39:15 - NIST is Nice 43:01 - Buffet and Gates  

  • 077: You have ruined me

    01/06/2019 Duration: 37min

    No honey yet, but we now have a "Days Since Last Facebook Scandal" counter. If you only had an hour to talk security, what would you say? SnapChat joins Facebook, and not in a good way, so just plan for some users being evil. If your name is Jared and you played high school lacrosse, the world is your oyster (apparently). MS-SQL and PHP together enjoy some rootkit malware and another Docker bug. Finally: Earthquakes, Murals and Table Saws. 0:00 - Intro 4:23 - dayssincelastfacebookscandal.com 5:11 - Campaign Security 10:52 - SnapLion 12:48 - Some Users will be Evil 13:17 - Explainable AI 15:24 - MS-SQL + PHP = Rootkit Malware 21:33 - Docker Race Condition 27:55 - Peru Earthquake seen in Oregon 29:32 - Chronicles of San Francisco 31:39 - SawStop

  • 076: Vowel Shortage in the Valley

    25/05/2019 Duration: 37min

    Eric and Jon are in Arizona; people seem to like the bees, and Jon gets to revel in his Bitcode conspiracy a little more. Instagram data found in an 'influencer' breach, and Google releases two factor auth effectiveness data. Jon's curious about Minecraft Earth, and everyone needs to sleep more. 0:00 - Intro 5:46 - More Bitcode Conspiracy 14:18 - Instagram Influencers Scraped 19:48 - 2FA Effectiveness Data 33:08 - Minecraft Earth 36:57 - Go to Sleep  

  • 075: I Am Very Easily Distracted

    17/05/2019 Duration: 37min

    I've always wondered if anyone actually bothers to read the summary. You know, if I don't "summarize" the episode, would anyone notice? If they did, would they care - and now that I've started the summary this way, do I go ahead and actually summarize anyway? Like, should I mention Jon talking about bees again? Or the quick little follow ups on MDS Attacks, GitHub's Package Registry or Social Proofs? Hacking the "unhackable" might be a good thing to mention, along with a software update "crashing" ankle monitors in the Netherlands. Oh, yeah - and then there's the SHA-1 Collision Attacks that are moving from theoretical to practical. But surely nobody wants to know about learning languages at an older age or photobioreactors in space or the fact that scientists have created a living organism from human-made DNA... 0:00 - Bees. What else? 5:22 - MDS Attacks 7:46 - GitHub Package Registry 9:18 - Social Proofs 11:30 - Hacking the "unhackable" 15:01 - Software is Everywhere 17:28 - SHA-1 Collision Attacks 23:38 -

  • 074: What's Old is New Again

    11/05/2019 Duration: 42min

    Go see Avengers. And don't be jealous, Star Wars, just Use the Force, Harry. Data on Let's Encrypt, HoloLens' live demo doesn't, and we reference two past episodes (37 and 39). Ransomware is targeting source on GitHub, Jon talks containers for Too Long, and a clever CSS hack. For fun, Eric likes the Texas Sand Fest winner and an AirPod that's 'been there, done that.' (no thank you). Jon is excited for Windows Terminal (go browse the source!). 0:00 - Intro 3:00 - Avengers: Endgame 4:36 - What does Star Wars have to do with it? 6:52 - Use the Force, Harry 8:19 - Let's Encrypt 9:30 - HoloLens Demo @ Build 12:24 - Mostly Security Episode 37 14:26 - GitHub Ransomware 16:35 - Mostly Security Episode 39 20:11 - Container Misconceptions 31:42 - Tracking with :hover 35:23 - 2019 Texas Sand Fest 36:19 - Man Swallows AirPod 38:24 - Windows Terminal  

  • 073: Just checking to make sure there were cookies...

    03/05/2019 Duration: 41min

    Jon's in Ireland, Eric's in Oregon, both are half asleep. Cast/Snip, meet Sherlock. Hardware is hard. Kids are smarter than you think. Let's Encrypt is great. Cryptocurrencies gonna Cryptocurrency. Telnet Server on Wheels. Sneaky robots.txt. Renting a parking space is cheaper than Office Space. Finally, what every podcast needs is MORE COWBELL.
